China National Vulnerability Database (cnvd): CNVD-2022-70605

History: Apr 19, 2022 - 12:00 a.m.

WordPress plugin Caldera Forms cross-site scripting vulnerability

www.cnvd.org.cn

EPSS: 0.001 (Percentile: 40.2%)

WordPress is a blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin Caldera Forms prior to 1.9.7. The vulnerability stems from the plugin’s failure to validate and escape cf-api parameters before outputting them back in the response, which attackers can exploit to cause reflected cross-site scripting.
